Self-Encrypting Drives for
Servers, NAS and SAN Arrays
Application, database, OS and file system encryption (see Figure 1) are all techniques that cover threats to drive data (whether from database, file or system administrators or from hackers) that arise within the data center. But because of the significant performance degradation and the non-scalable changes to the application, database, OS or file system that such encryption entails, it's impractical to encrypt more than a limited portion of the data. Administrators cope with this restriction by reserving encryption for only the most sensitive data.

This forces administrators to rely on data classification to identify and locate sensitive data; unfortunately, it's widely acknowledged that this process fails to identify all instances of sensitive data. Data classification is difficult, labor-intensive and challenging to maintain, especially when sensitive information can be copied from a protected source to an unprotected destination. The result is that too much unencrypted sensitive data is written to disk, where it will likely persist long after the drive's useful life has ended.

As such, it falls to encryption technologies downstream of the file system to provide full disk encryption and close the gap created when data classification fails to capture sensitive data. These technologies relieve data custodians of the responsibility of classifying the data's sensitivity before it leaves the control of the data center, a task fraught with management headaches and extra cost. Encrypting in the fabric, in the RAID disk controller (in a server or storage subsystem controller) or in the hard drive itself are all possibilities. But where should this encryption take place?

Using Self-Encrypting Drives merely for instant secure erase provides an extremely efficient and effective means of securely retiring a drive. But using SEDs in auto-lock mode provides even more advantages. In short, from the moment the drive or system is removed from the data center (with or without authorization), the drive is locked. No advance thought or action is required from the data center administrator to protect this data. This helps prevent a breach should the drive be mishandled and helps secure the data against the threat of insider or outside theft.

Comparing Technologies for Securing Data on Hard Drives

No single encryption technology can effectively and efficiently secure all data against all threats. Different technologies are used to protect against different threats. For example, Self-Encrypting Drives help secure data against threats that arise when the drive eventually leaves the owner's control, but they cannot protect data from certain threats that take place within the data center. If an attacker gains access to a server that can in turn access an unlocked drive, the attacker can read the clear text coming from the drive. Thus it's important to remember that SED encryption technology does not replace the data center's access controls; rather, it complements them.

Securing data at rest should also complement, rather than replace, securing data in motion. The vast majority of data in motion moving over the wire downstream of the file system, whether over Ethernet on the NAS or at the block level on a SAN, is physically under the IT storage administrator's control and therefore is not considered a security risk. For the data in motion that is not physically under the administrator's control, the most widely accepted and established practice is to encrypt it with IPSec or FC over IP, which use ephemeral session encryption keys to encrypt small amounts of data. It may seem that, instead of using this session security technique, encrypting in the fabric to secure the data on the hard drive is a better solution: the data is encrypted not only on the hard drive, but also as it travels through the fabric. But this approach has a fundamental flaw: rather than increasing security, it actually decreases security and increases complexity by exposing long-lived encryption keys, while exposing large amounts of ciphertext that were all encrypted with a single encryption key. If encryption is needed for data in motion, it should be provided by IPSec or FC over IP. Encrypting data on the drive is best performed by the drive itself, for all of the reasons provided below.
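As an added illustration of the drive-side key handling the paper describes, here is a small Go model of a self-encrypting drive. It is not code from the paper or from any drive vendor; the construction is an assumption: AES-GCM stands in for the drive's sector cipher, an HMAC-SHA256 derivation stands in for the PIN-to-key derivation, a map stands in for the platters, and the PIN values and sector contents are constructed sample inputs. It shows the three behaviours discussed in the paper: the drive powers on locked and refuses reads until the PIN unwraps the media encryption key (auto-lock); instant secure erase is a key replacement, after which the untouched ciphertext is unrecoverable; and once unlocked, Read returns plaintext to whoever can issue the command, which is why an SED complements rather than replaces access controls. The media key exists in the clear only in the drive's volatile memory and never on the wire, the contrast the paper draws with fabric encryption's exposed long-lived keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Added model of a self-encrypting drive, not any vendor's design: AES-GCM stands in
// for the drive's sector cipher and HMAC-SHA256 for its PIN-to-KEK key derivation.
var ErrLocked = errors.New("drive is locked: authenticate first")
var ErrBadPIN = errors.New("authentication failed")

type Drive struct {
	wrapNonce  []byte            // nonce used when wrapping the MEK under the KEK
	wrappedMEK []byte            // MEK encrypted under the KEK; the only persistent copy
	mek        cipher.AEAD       // live media encryption key; nil while locked
	sectors    map[uint64][]byte // ciphertext that stays on the platters
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	_, _ = rand.Read(b) // crypto/rand never returns an error on modern Go
	return b
}

func mustAEAD(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // every key here is 32 bytes, so this is AES-256
	g, _ := cipher.NewGCM(block)
	return g
}

// kekFromPIN derives the key-encrypting key from the PIN (stand-in for a real salted KDF).
func kekFromPIN(pin []byte) []byte {
	m := hmac.New(sha256.New, []byte("sed-model-kek"))
	m.Write(pin)
	return m.Sum(nil)
}

// wrapNewMEK makes a fresh MEK, keeps only its KEK-wrapped form and leaves the drive locked.
func (d *Drive) wrapNewMEK(pin []byte) {
	mek := randBytes(32)
	kek := mustAEAD(kekFromPIN(pin))
	d.wrapNonce = randBytes(kek.NonceSize())
	d.wrappedMEK = kek.Seal(nil, d.wrapNonce, mek, nil)
	d.mek = nil
}

func NewDrive(pin []byte) *Drive {
	d := &Drive{sectors: map[uint64][]byte{}}
	d.wrapNewMEK(pin)
	return d
}

// Unlock authenticates with the PIN and unwraps the MEK into volatile memory.
func (d *Drive) Unlock(pin []byte) error {
	mek, err := mustAEAD(kekFromPIN(pin)).Open(nil, d.wrapNonce, d.wrappedMEK, nil)
	if err != nil {
		return ErrBadPIN
	}
	d.mek = mustAEAD(mek)
	return nil
}

// Lock models a power cycle or removal: the live MEK is discarded, ciphertext remains.
func (d *Drive) Lock() { d.mek = nil }

// Write encrypts a sector under the MEK, binding it to its LBA as associated data.
func (d *Drive) Write(lba uint64, data []byte) error {
	if d.mek == nil {
		return ErrLocked
	}
	nonce := randBytes(d.mek.NonceSize())
	aad := binary.BigEndian.AppendUint64(nil, lba)
	d.sectors[lba] = append(nonce, d.mek.Seal(nil, nonce, data, aad)...)
	return nil
}

// Read hands plaintext to any caller that can issue the command while the drive is
// unlocked, which is why an SED complements rather than replaces access controls.
func (d *Drive) Read(lba uint64) ([]byte, error) {
	if d.mek == nil {
		return nil, ErrLocked
	}
	raw, ns := d.sectors[lba], d.mek.NonceSize()
	if len(raw) < ns {
		return nil, errors.New("unwritten sector")
	}
	return d.mek.Open(nil, raw[:ns], raw[ns:], binary.BigEndian.AppendUint64(nil, lba))
}

// SecureErase is instant secure erase: a new MEK makes every old sector unrecoverable.
func (d *Drive) SecureErase(newPIN []byte) { d.wrapNewMEK(newPIN) }

func main() {
	d := NewDrive([]byte("pin-1"))
	_ = d.Unlock([]byte("pin-1"))
	_ = d.Write(7, []byte("cardholder record")) // constructed sample sector
	d.Lock()
	fmt.Println(d.Read(7)) // locked again: the read is refused
}
```

The point to take from the model is what persists across a power cycle: only the wrapped media key and the sector ciphertext. A drive pulled from a chassis therefore carries nothing an attacker can use without the PIN, and a SecureErase is cheap because it rewrites one small wrapped key rather than every sector.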